HPE Community
Operating System - HP-UX
1752564 Members
4034 Online
108788 Solutions
New Discussion юеВ

Re: Sendmail and DNS host checking

 
SOLVED
Go to solution
Ron Brown_2
Frequent Advisor

тАО01-12-2006 04:58 AM

тАО01-12-2006 04:58 AM

Sendmail and DNS host checking

How can I disable DNS lookups when hosts attempt to connect to our mail gateway running HP-UX 11.00 and Sendmail version 8.11.1, config V9/Berkeley?
should work...
0 Kudos
Reply
9 REPLIES 9
Geoff Wild
Honored Contributor

тАО01-12-2006 05:12 AM

тАО01-12-2006 05:12 AM

Re: Sendmail and DNS host checking

You can't really - other then shutdown the sendmail daemon.

You could limit it - so that DNS isn't configured at all on the server.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Ron Brown_2
Frequent Advisor

тАО01-12-2006 05:14 AM

тАО01-12-2006 05:14 AM

Re: Sendmail and DNS host checking

I believe, though, that disabling DNS would effectively stop all mail delivery. That would be bad.
should work...
0 Kudos
Reply
Chan 007
Honored Contributor

тАО01-12-2006 05:16 AM

тАО01-12-2006 05:16 AM

Re: Sendmail and DNS host checking

Ron,

Check this file

/etc/mail/service.switch

007
0 Kudos
Reply
Geoff Wild
Honored Contributor

тАО01-12-2006 05:25 AM

тАО01-12-2006 05:25 AM

Re: Sendmail and DNS host checking

Not really - as you would go by what is in your /etc/hosts file.

See:

http://aplawrence.com/Bofcusm/22.html

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Geoff Wild
Honored Contributor

тАО01-12-2006 05:27 AM

тАО01-12-2006 05:27 AM

Re: Sendmail and DNS host checking

Uh - cancel my last post - as I looked in the sendmail.cf file and saw this:

# service switch file (ignored on HP-UX, Solaris, Ultrix, OSF/1, others)
#O ServiceSwitchFile=/etc/mail/service.switch


Sorry about that...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Geoff Wild
Honored Contributor

тАО01-12-2006 05:34 AM

тАО01-12-2006 05:34 AM

Re: Sendmail and DNS host checking

Then again - you might want to test it - saw this in the FAQ:

http://www.sendmail.org/faq/section3.html#3.22

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Reply
Ron Brown_2
Frequent Advisor

тАО01-12-2006 05:34 AM

тАО01-12-2006 05:34 AM

Re: Sendmail and DNS host checking

service.switch appears to merely switch lookups from DNS first to hosts first.

Any e-mail originating outside our network is currently looked up in DNS to check the validity of the sending domain; anything that does not resolve gets rejected. I am trying to avoid that. I want all mail to be accepted. Yes, I have additional security in place to help prevent bad stuff.
should work...
0 Kudos
Reply
Christopher Caldwell
Honored Contributor

тАО01-12-2006 05:58 AM

тАО01-12-2006 05:58 AM

Solution

Re: Sendmail and DNS host checking

Domain lookups happen in two places:
1) connection of the RELAY - modern sendmail configurations want the RELAY to be defined in DNS
2) MAIL FROM: the domain portion of the users from address must generally look up in DNS.

You can bypass these features.

Get familiar with the README in
/usr/contrib/sendmail/usr/newconfig/etc/mail/cf

look at the accept_unresolvable_domains feature and the

You may need more. If you do, test commenting the
check_mail
check_rcpt
check_relay
rules in sendmail.cf. You won't need them all. If you're scared of M4/ you'll find gen_cf in a subdirectory of
/usr/contrib/sendmail/usr/newconfig/etc/mail//cf/cf
it uses menus.

These techniques bypass many of the anti-spam rules in sendmail.

If you've got more questions, ask 'em.
Reply
Ivan Ferreira
Honored Contributor

тАО01-12-2006 06:08 AM

тАО01-12-2006 06:08 AM

Re: Sendmail and DNS host checking

Yes, accept_unresolvable_domains is your option, you can try configuring sendmail using /usr/newconfig/etc/mail/cf/cf/gen_cf.


Use space as separator for the options.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.